diff --git a/IRaCIS.Core.API/Controllers/ExtraController.cs b/IRaCIS.Core.API/Controllers/ExtraController.cs
index d80cdabd2..b62bd168d 100644
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@@ -33,6 +33,10 @@ using ZiggyCreatures.Caching.Fusion;
 using AlibabaCloud.SDK.Sts20150401;
 using AlibabaCloud.SDK.Sts20150401.Models;
 using Org.BouncyCastle.Tls;
+using Amazon.SecurityToken.Model;
+using Amazon.SecurityToken;
+using Amazon;
+using AssumeRoleRequest = Amazon.SecurityToken.Model.AssumeRoleRequest;
 namespace IRaCIS.Api.Controllers
 {
@@ -102,10 +106,10 @@ namespace IRaCIS.Api.Controllers
 public async Task Login(UserLoginDTO loginUser, [FromServices] IFusionCache _fusionCache, [FromServices] IUserService _userService,
- [FromServices] ITokenService _tokenService,
- [FromServices] IReadingImageTaskService readingImageTaskService,
- [FromServices] IOptionsMonitor _verifyConfig,
- [FromServices] IMailVerificationService _mailVerificationService)
+ [FromServices] ITokenService _tokenService,
+ [FromServices] IReadingImageTaskService readingImageTaskService,
+ [FromServices] IOptionsMonitor _verifyConfig,
+ [FromServices] IMailVerificationService _mailVerificationService)
 {
 //MFA 邮箱验证 前端传递用户Id 和MFACode
@@ -293,7 +297,7 @@ namespace IRaCIS.Api.Controllers
 }
 [HttpGet("user/GetObjectStoreToken")]
- public IResponseOutput GetObjectStoreToken([FromServices] IOptionsMonitor options)
+ public async Task GetObjectStoreTokenAsync([FromServices] IOptionsMonitor options)
 {
 var serviceOption = options.CurrentValue;
@@ -344,11 +348,45 @@ namespace IRaCIS.Api.Controllers
 }
 else if (Enum.TryParse(serviceOption.ObjectStoreUse, out var parsedValue) && parsedValue == ObjectStoreUse.MinIO)
 {
- return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO, AWS = serviceOption.AWS });
+ return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO});
 }
 else
 {
- return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO, AWS = serviceOption.AWS });
+ var awsOptions = serviceOption.AWS;
+
+ //aws 临时凭证
+ // 创建 STS 客户端
+ var stsClient = new AmazonSecurityTokenServiceClient(awsOptions.AccessKeyId, awsOptions.SecretAccessKey);
+
+ // 使用 AssumeRole 请求临时凭证
+ var assumeRoleRequest = new AssumeRoleRequest
+ {
+
+ RoleArn = awsOptions.RoleArn, // 角色 ARN
+ RoleSessionName = $"session-name-{NewId.NextGuid()}",
+ DurationSeconds = awsOptions.DurationSeconds // 临时凭证有效期
+ };
+
+ var assumeRoleResponse = await stsClient.AssumeRoleAsync(assumeRoleRequest);
+
+ var credentials = assumeRoleResponse.Credentials;
+
+ var tempToken = new AWSTempToken()
+ {
+ AccessKeyId = credentials.AccessKeyId,
+ SecretAccessKey = credentials.SecretAccessKey,
+ SessionToken= credentials.SessionToken,
+ Expiration=credentials.Expiration,
+
+ BucketName = awsOptions.BucketName,
+ EndPoint = awsOptions.EndPoint,
+ ViewEndpoint = awsOptions.ViewEndpoint,
+
+ };
+
+
+
+ return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO, AWS = tempToken });
 }
 }
diff --git a/IRaCIS.Core.API/IRaCIS.Core.API.csproj b/IRaCIS.Core.API/IRaCIS.Core.API.csproj
index cd759b427..609b589e2 100644
--- a/IRaCIS.Core.API/IRaCIS.Core.API.csproj
+++ b/IRaCIS.Core.API/IRaCIS.Core.API.csproj
@@ -64,6 +64,7 @@
+
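Review bot: `stsClient` (`AmazonSecurityTokenServiceClient`, an `IDisposable`) is created on every request and never disposed; make it `using var stsClient = new AmazonSecurityTokenServiceClient(awsOptions.AccessKeyId, awsOptions.SecretAccessKey);` or register one long-lived client through DI. No region is passed to that constructor, so the SDK falls back to its environment/profile region resolution; the `using Amazon;` added in the first hunk suggests a `RegionEndpoint` was intended, so pass it explicitly and confirm it matches the configured `s3.us-east-1.amazonaws.com` endpoint. `RoleSessionName = $"session-name-{NewId.NextGuid()}"` loses attribution, because the session name is what CloudTrail records on the assumed-role ARN; prefer the authenticated user's id within STS's 2–64 character `[\w+=,.@-]` constraint, e.g. `RoleSessionName = $"{<current-user-id>}-{NewId.NextGuid()}"`. The response hands the browser a secret key and session token bounded only by the `RoleArn` role's policy, so consider also setting the request's `Policy` to an inline session policy restricted to `awsOptions.BucketName`, which keeps the issued credentials scoped even if the role policy is later widened. `GetObjectStoreTokenAsync` begins outside this hunk.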
diff --git a/IRaCIS.Core.API/appsettings.Test_IRC.json b/IRaCIS.Core.API/appsettings.Test_IRC.json
index 6b597b5cc..3138ca442 100644
--- a/IRaCIS.Core.API/appsettings.Test_IRC.json
+++ b/IRaCIS.Core.API/appsettings.Test_IRC.json
@@ -39,10 +39,12 @@ "AWS": {
 "EndPoint": "s3.us-east-1.amazonaws.com",
 "UseSSL": true,
- "AccessKey": "AKIAZQ3DRSOHFPJJ6FEU",
- "SecretKey": "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",
- "BucketName": "ei-irc-test-store",
- "ViewEndpoint": "https://ei-irc-test-store.s3.amazonaws.com/"
+ "RoleArn": "arn:aws:iam::471112624751:role/sts_s3_upload",
+ "AccessKeyId": "AKIAW3MEAFJXWRCGSX5Z",
+ "SecretAccessKey": "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",
+ "BucketName": "ei-med-s3-lili-uat-store",
+ "ViewEndpoint": "https://ei-med-s3-lili-uat-store.s3.amazonaws.com/",
+ "DurationSeconds": 7200
 }
 },
diff --git a/IRaCIS.Core.Application/Helper/OSSService.cs b/IRaCIS.Core.Application/Helper/OSSService.cs
index ba4c64de1..2c28d3be2 100644
--- a/IRaCIS.Core.Application/Helper/OSSService.cs
+++ b/IRaCIS.Core.Application/Helper/OSSService.cs
@@ -30,15 +30,17 @@ namespace IRaCIS.Core.Application.Helper
 }
- [LowerCamelCaseJson]
+ public class AWSOptions
 {
 public string EndPoint { get; set; }
 public bool UseSSL { get; set; }
- public string AccessKey { get; set; }
- public string SecretKey { get; set; }
+ public string AccessKeyId { get; set; }
+ public string RoleArn { get; set; }
+ public string SecretAccessKey { get; set; }
 public string BucketName { get; set; }
 public string ViewEndpoint { get; set; }
+ public int DurationSeconds { get; set; }
 }
 public class AliyunOSSOptions
@@ -60,7 +62,7 @@ namespace IRaCIS.Core.Application.Helper
 public int DurationSeconds { get; set; }
-
+ }
@@ -86,7 +88,7 @@ namespace IRaCIS.Core.Application.Helper
 public MinIOOptions MinIO { get; set; }
- public AWSOptions AWS { get; set; }
+ public AWSTempToken AWS { get; set; }
 }
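Review bot: A long-term IAM user access key pair (the `AccessKeyId`/`SecretAccessKey` values) is committed in plaintext to `appsettings.Test_IRC.json`, and the `AccessKey`/`SecretKey` pair this hunk removes stays readable in history. Both pairs should be treated as exposed: deactivate and rotate them in IAM, and leave only a placeholder such as `"SecretAccessKey": "<set via environment or secret store>"` in the tracked file, with the real value supplied by user-secrets, environment variables or a secret manager. The AWS SDK's default credential chain already reads `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` or an instance/task role, which would also let `GetObjectStoreTokenAsync` drop the key-based `AmazonSecurityTokenServiceClient` constructor entirely. The `RoleArn` and bucket names are less sensitive, but the role's policy is the only bound on what the temporary credentials returned to clients can do, so it should grant no more than the upload permissions this endpoint needs.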
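Review bot: Renaming `AccessKey`/`SecretKey` to `AccessKeyId`/`SecretAccessKey` on `AWSOptions` changes the configuration binding keys, so any appsettings file not updated in this commit (only `appsettings.Test_IRC.json` is) will bind these properties to `null`, and the failure presumably surfaces only later as an STS or MinIO error. Consider `[Required]` on `AccessKeyId`, `SecretAccessKey` and `RoleArn` with options validation, or an explicit startup guard, so a missing key fails fast and visibly. With `[LowerCamelCaseJson]` dropped this class is now server-side only, and a doc comment would make that contract explicit: `/// <summary>Server-side AWS settings. The long-term key pair here is used only to call STS AssumeRole and must never be serialized to clients; clients receive <see cref="AWSTempToken"/>.</summary>`. `DurationSeconds` is also worth documenting as bounded by the role's maximum session duration, which STS enforces on the AssumeRole call.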
@@ -106,14 +108,24 @@ namespace IRaCIS.Core.Application.Helper
 public string ViewEndpoint { get; set; }
-
+ public string SecurityToken { get; set; }
 public string Expiration { get; set; }
 }
-
+ [LowerCamelCaseJson]
+ public class AWSTempToken
+ {
+ public string SessionToken { get; set; }
+ public string EndPoint { get; set; }
+ public string AccessKeyId { get; set; }
+ public string SecretAccessKey { get; set; }
+ public string BucketName { get; set; }
+ public string ViewEndpoint { get; set; }
+ public DateTime Expiration { get; set; }
+ }
 public enum ObjectStoreUse
 {
@@ -190,7 +202,7 @@ namespace IRaCIS.Core.Application.Helper
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var putObjectArgs = new PutObjectArgs()
@@ -207,7 +219,7 @@ namespace IRaCIS.Core.Application.Helper
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var putObjectArgs = new PutObjectArgs()
@@ -272,7 +284,7 @@ namespace IRaCIS.Core.Application.Helper
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var putObjectArgs = new PutObjectArgs()
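Review bot: `AWSTempToken` is the payload handed to the browser and carries a secret key, so its contract deserves a doc comment rather than only the `[LowerCamelCaseJson]` attribute: `/// <summary>Temporary S3 credentials issued by STS AssumeRole for direct client uploads. Only ever populated from an STS response, never from <see cref="AWSOptions"/>; the key pair is unusable without <see cref="SessionToken"/> and expires at <see cref="Expiration"/>.</summary>`. `Expiration` is declared as `DateTime`, whereas the Aliyun temp-token class just above keeps `Expiration` as `string`; STS presumably returns a UTC instant, so state the kind in the property comment and check that the JSON serializer emits it with an offset, otherwise the client may read it as local time. The `SecretAccessKey`/`SessionToken` pair should be treated by the client like any bearer credential (not persisted, discarded at `Expiration`), which is worth one line in the same comment.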
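Review bot: The `@@ -190` hunk, and likewise `@@ -272`, `@@ -337`, `@@ -409` and `@@ -518`, rename the credential accessors on `minIOConfig` while it holds `ObjectStoreServiceOptions.MinIO`, yet the diff only renames the properties on `AWSOptions`. That compiles only if `MinIOOptions` itself exposes `AccessKeyId`/`SecretAccessKey` (for instance by deriving from `AWSOptions`, which is not visible here); if it does, the `MinIO` section of every appsettings file must also be renamed from `AccessKey`/`SecretKey`, which this commit does not do, and the MinIO client would otherwise be built with null credentials. A single startup validation of `ObjectStoreServiceOptions` would catch either mismatch before the first upload rather than at the `.WithCredentials(...)` call. The enclosing methods start and end outside these hunks.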
@@ -288,7 +300,7 @@ namespace IRaCIS.Core.Application.Helper
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var putObjectArgs = new PutObjectArgs()
@@ -337,7 +349,7 @@ namespace IRaCIS.Core.Application.Helper
 var minIOConfig = ObjectStoreServiceOptions.MinIO;
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var getObjectArgs = new GetObjectArgs()
@@ -353,7 +365,7 @@ namespace IRaCIS.Core.Application.Helper
 var minIOConfig = ObjectStoreServiceOptions.AWS;
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var getObjectArgs = new GetObjectArgs()
@@ -409,7 +421,7 @@ namespace IRaCIS.Core.Application.Helper
 var minIOConfig = ObjectStoreServiceOptions.MinIO;
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
@@ -434,7 +446,7 @@ namespace IRaCIS.Core.Application.Helper
 var minIOConfig = ObjectStoreServiceOptions.AWS;
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();
 var args = new PresignedGetObjectArgs()
@@ -518,7 +530,7 @@ namespace IRaCIS.Core.Application.Helper
 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
- .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+ .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
 .Build();